API Security: Applying the Separation of Concerns Design Principle

You may have been wondering what a clever person like Edsger Dijkstra would have considered the best way to approach API security. You aren't the only one. Start by checking out our latest video on API security before we dive into what’s needed for API security and identity integration with business applications.

 

 

 

Security professionals, API architects and IAM owners are under pressure to increase agility for their organization while offering engineering freedom at the same time. Sounds simple, right? Except it’s not. There’s widespread fear of application logic breaking due to future security updates if security isn’t externalized, which it often isn’t.

What helps is applying a design principle called Separation of Concerns, commonly attributed to computer science pioneer Edsger Dijkstra. Generally speaking, by separating security from application logic you create a greater level of simplification for your infrastructure as well as your developers.

An organization’s business aspects, and their applications, of the system can evolve largely independent of security considerations. Likewise, security aspects can evolve freely without impacting the business. The benefits are twofold and go hand in hand.

API Security: Separate Your Concerns

APIs take the same approach in terms of security – you want and need the ability to separate API security from application logic. In the digital world, many critical services are delivered via APIs, however securing them should not be a task for the business developer alone.

A ForgeRock customer within financial services struggled to expose a myriad of APIs delivered by multiple business units. They needed to expose the business REST APIs internally and with partner organizations around the globe.

In order for business teams to fully focus on application logic, the separation of concerns strategy requires an out-of-the-box API security solution. This solution must provide the necessary security infrastructure consumable as a service and deployable with modern devops technology (such as Docker and Kubernetes).

This is where ForgeRock provides a solution. We help organizations secure their APIs through their identity infrastructure using an API security gateway. ForgeRock Identity Gateway can be utilized to front business APIs and offload access management such as security token and scope validation. When our customer adopted ForgeRock Identity Gateway, they ultimately gained agility and reduced the amount of maintenance required during updates.

The Takeaway Here?

Separation of concerns design is necessary for API security and identity integration with business applications. Check out our latest API Security video above  to learn more.

Curious about how ForgeRock Identity Gateway works on a deeper level? Check out our guide here to learn how you can quickly enforce authorization by leveraging Identity Gateway as an OAuth2 resource server.

 

For other questions about our Identity Gateway Solution, visit us here.

Who Is Joachim Andres?

Who’s Joachim? As Product Management Director with 21 years of experience in the identity industry, Joachim helps organizations bridge their business to modern digital identity - and make the journey an easy downhill ride. In his leisure time, however, Joachim enjoys the challenge of cycling uphill.

Recent Posts:

API Security: Awareness and Moderation are Key

A Buddhist approach towards addressing the uncertainty of API Security

2500 years ago, light was shed on the philosophy of moderation. It was the key to health and happiness as taught in Buddhism. Similarly, this approach also applies to our reckless world of technology.

ForgeRock Identity Cloud: Early Access Program

We started a journey last December with the release of the ForgeRock Identity Platform 6.5, which helps customers transition millions of users from on-premises to cloud-hosted services in minutes.

API Security: Applying the Separation of Concerns Design Principle

You may have been wondering what a clever person like Edsger Dijkstra would have considered the best way to approach API security. You aren't the only one.